Azure AD me profile


I get the error "Access token validation failure. Invalid audience." For the application I set the API permissions to offline_access, openid, profile, User.Read. The user starts auth, goes to the MS auth site, is asked for login and password, and grants consent.

After exchanging the code for an access token I receive

{'token_type': 'Bearer', 'scope': 'offline_access openid profile User.Read', 'expires_in': '3906', 'ext_expires_in': '3906', 'expires_on': '1653988700', 'not_before': '1653984493', 'resource': 'my_azure_client_id', ....}

Then I try to get the profile for the current user with this access token. As a result I get the error "Access token validation failure. Invalid audience."

Help please)

UPDATE: Configured permissions [screenshot]


8
On BEST ANSWER

The reason you are getting that error is that your token has the wrong audience.

Please check what token you are using to call Graph API.

I tried to reproduce the same in my environment. If you are using the ID token instead of the access token, you may get an error like the one below:

[screenshot of the "Invalid audience" error]

To know whether you are giving access token or id token, decode it in JSON Web Tokens - jwt.io.

For an access token, the aud claim will be "https://graph.microsoft.com" or "00000003-0000-0000-c000-000000000000".

For an ID token, the aud claim will be "your_app_client_id".

Choose the access token carefully, with aud set to "https://graph.microsoft.com", when calling the Microsoft Graph API:

[screenshot of the decoded access token]

To get the profile of the current user, you can make use of the query below:

GET https://graph.microsoft.com/v1.0/me

I got the profile successfully using an access token like the one below:

[screenshot of the successful GET /me response]

Replace your scope with https://graph.microsoft.com/.default when generating the access token to avoid confusion.

Reference:

oauth 2.0 - Microsoft Graph API: Access token validation failure. Invalid audience - Stack Overflow

UPDATE:

In order to get the authorization code, make the request with the scope changed as below:

https://login.microsoftonline.com/your_tenant_id/oauth2/v2.0/authorize?
client_id=your_client_id
&response_type=code
&redirect_uri=xxxxxx
&response_mode=query
&scope=https://graph.microsoft.com/.default
&state=12345
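The checks the answer describes (decode the JWT, look at aud, only send a Graph-audience token to GET /me, and request the code with the .default scope), as an added example that is not part of the original question or answer. The sample tokens, tenant ID, client ID and redirect URI below are constructed for the demo; the tokens are unsigned and are only inspected, never verified, which is all jwt.io does too. Microsoft treats Graph access tokens as opaque to the calling app, so this inspection is a debugging aid, not token validation.

```python
import base64
import json
import urllib.parse

# Both audience forms the answer lists for a Microsoft Graph access token.
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}

# Constructed identifiers for the demo (not real tenant/app values).
TENANT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
REDIRECT_URI = "https://localhost/callback"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_jwt(claims: dict) -> str:
    """Build a constructed, unsigned JWT (alg=none) for the demo only."""
    header = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def classify_token(token: str, client_id: str) -> str:
    """Tell a Graph access token from an ID token by its aud claim."""
    aud = decode_jwt_claims(token).get("aud", "")
    if aud.rstrip("/") in GRAPH_AUDIENCES:   # rstrip is defensive, for a trailing slash
        return "graph-access-token"
    if aud == client_id:
        return "id-token"   # aud is your own app: not usable against Graph
    return "other"


def graph_me_request(token: str, client_id: str) -> dict:
    """Build the GET /me request, refusing any token whose aud is not Graph.
    Sending such a token is what produces 'Invalid audience'."""
    kind = classify_token(token, client_id)
    if kind != "graph-access-token":
        aud = decode_jwt_claims(token).get("aud")
        raise ValueError(f"refusing to call Graph with a {kind} (aud={aud!r})")
    return {
        "method": "GET",
        "url": "https://graph.microsoft.com/v1.0/me",
        "headers": {"Authorization": f"Bearer {token}"},
    }


def authorize_url(tenant_id: str, client_id: str, redirect_uri: str, state: str) -> str:
    """The v2.0 authorize request from the answer, scoped to Graph's .default."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": "https://graph.microsoft.com/.default",
        "state": state,
    }
    return (f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize?"
            + urllib.parse.urlencode(params))


# Constructed sample tokens: an ID token (aud = our client id) and a Graph access token.
SAMPLE_ID_TOKEN = make_sample_jwt({"aud": CLIENT_ID, "tid": TENANT_ID, "name": "Demo User"})
SAMPLE_GRAPH_TOKEN = make_sample_jwt({
    "aud": "00000003-0000-0000-c000-000000000000",
    "tid": TENANT_ID,
    "scp": "offline_access openid profile User.Read",
})

if __name__ == "__main__":
    for label, tok in (("id token", SAMPLE_ID_TOKEN), ("access token", SAMPLE_GRAPH_TOKEN)):
        print(label, "->", classify_token(tok, CLIENT_ID))
    print(graph_me_request(SAMPLE_GRAPH_TOKEN, CLIENT_ID)["url"])
    print(authorize_url(TENANT_ID, CLIENT_ID, REDIRECT_URI, "12345"))
```

Run it against a real token by replacing the sample constants: if classify_token reports "id-token", you picked the id_token field (or requested a token for your own app, which also gives aud = client ID) instead of the access_token, and GET /me will fail with exactly the error in the question.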